NSA Defends Encryption Backdoors By Promising It's Only Used To Spy On All Of Us

from the choice-of-words... dept

The Director of National Intelligence has now responded to the unveiling of the fact that the NSA inserted backdoors in various forms of encryption and recruited internal spies at telco companies with one of his typically ridiculous statements using carefully parsed words. It sounds like the NSA rushed out that statement, because the attempt to assure the public that it's just being used on bad people leaves open a pretty large loophole. See if you can spot it:

Throughout history, nations have used encryption to protect their secrets, and today, terrorists, cybercriminals, human traffickers and others also use code to hide their activities. Our intelligence community would not be doing its job if we did not try to counter that.

Highlighting added by me. Here's a tip: when trying to reassure the public that you're not abusing your powers, and that you're breaking basic encryption used widely across the internet for their own good by narrowly targeting whom it's used against, maybe (just maybe) don't include a hedge word that includes every human being on earth.

As Ken White noted, we are all "others" here. We've already noted that previous leaks concerning "minimization" have shown that the NSA people believe that if your data is encrypted then they can keep it, because you might be evil, and that comes through here as well. They keep trying to focus on how this is just about stopping terrorists, but it always leaves that massive loophole for "others."

So, once again, the NSA's attempt to insist that what it's doing is narrow and targeted and just after "the bad guys" only breeds further reasons to trust the NSA even less. As White notes, this whole situation is particularly disturbing because so much can be classified under "others" that should be seen as reasonable and normal activity of a person who questions whether the government is really acting as a representative of the people.

I am the other because I do not trust my government in general, or the people working for its security apparatus in particular.

I am the other because I believe the Security State and its representatives habitually lie, both directly and by misleading language, about the scope of their spying on us. I believe they feel entitled to do so.

I am the other because I don't believe the Security State and its representatives when they say that government spying is reserved for foreign terrorists. In fact, the NSA's "minimization" techniques — touted as methods for restricting spying to foreign terrorists instead of U.S. citizens — are often transparently and insultingly ridiculous.

I am the other because I don't believe my government when it tries to convince us that enhanced spying techniques are used to protect us from terrorists. I believe, instead, that the increased powers acquired by my government since 9/11 have been habitually brought to bear for domestic purposes, including such things as the ruinous and amoral War on Drugs.

Ken goes on from there and it's well worth reading the entire statement. The NSA sees the American public as the adversary and believes it can track pretty much anyone as an "other." And for those who believe you "have nothing to fear because you've done nothing wrong," it's time to recognize that you, too, are the "other."

Re: The problem:

Those backdoors will eventually be found by other people [...]

This has probably already happened. And those who found them aren't going to tell us (because they want to profit from them) and the NSA isn't going to tell us (because they don't want to admit what they've done).

So as a result, we're all LESS secure. Worse, we don't know how much less (see above). Still worse, we have no idea how to fix it because we have no idea what's broken.

Re: The problem:

Yeah, that's a problem, but not the problem. The main problem is that these backdoors are used by governmental spies. That's the main problem because we know without a doubt that they cannot be trusted with that kind of power and access at all -- they are the first bad guys in line.

Re: Re: The problem:

I don't necessarily agree. I think the introduction of intentional weaknesses, and the ability for people who are not NSA to exploit those weaknesses, is the biggest problem of all.

Sure, we can't trust the NSA 100%, especially if you're not a part of the same political party that controls the executive. But, truth be told, the impact that NSA spying has on your average citizen is significantly less than the impact a potential e.g. Russian hacker could have over that same citizen's bank account. I say this not to minimize the issue with NSA spying - it would still be a problem even without weakening encryption - but just to point out that IMO, the weaknesses introduced into encryption are far more dangerous in the hands of real criminals who have the serious intention of doing major harm to innocent people.

This puts the finger exactly on the issue. This sense of entitlement that they should be able to spy on anyone at any time for any reason, regardless of the law, comes down to violation of personal privacy and the equivalent of digitally searching through your personal papers and private business.

Every time the NSA puts forward an apologist to say everything is fine, it's a loaded statement with a ton of lies, misdirection, and carefully crafted reassurances that turn out within days to be false.

This government, the NSA, and major corporations that are selling data back to the branches of government are entirely out of hand.

Even worse yet, according to the leaks, since the 1990s the NSA's tech experts have been working to insert security vulnerabilities into technology standards to make spying on everyone easier.

I guess we all have a new scapegoat for the last 10+ years and the next 10+ years whenever there's a big data breach that does massive damage to the economy: the NSA did it with all the security vulnerabilities they inserted into the tech standards.

I'm sure there are lots of countries that feel the same about those who "use code to hide their activities", but I doubt the United States would be very sympathetic to countries that followed the United States' example and sneaked backdoors into encryption products used by the United States (including citizens, corporations and the military) simply because those countries wouldn't be "doing [their] job if [they] did not try to counter that."

Re:

Which raises a good point. It will be interesting to see the (probable lack of) countries around the world freaking out about these revelations.
A lack of complaint from a government to me will likely mean one of 3 things:
1/ They are sharing some or all of the "take"
2/ The US has bullied them into submission
3/ The members of the government in question have no idea just what this means for their own country.
Any of those is rather scary...

Re: open source

"Open source" is "free software" without the most important part, the ethics. While both are largely released under free software licences and are therefore legally the same, the distinction is not unimportant:

Take Ubuntu, which is an open source distribution of GNU/Linux: it lacks the ethical imperatives of free software and has "binary blobs", and binary isn't real source code - it's very difficult to use if you're making any non-trivial modification to the program. What's the betting the NSA working with Google haven't got binary blobs or even proprietary elements in Android?

Go fully free software with a distro such as gNewSense (Debian based). Debian is fully free by default but it makes it too easy to get proprietary software by keeping it in its repositories, although they are fairly clearly marked.

P.S. Use Gnash instead of Adobe Flash Player. Gnash is free software - it doesn't always work perfectly but at least you can be fairly certain the NSA or GCHQ haven't screwed around with it.

Re: open source

Like we need another reason to call the FS movement a cult. "Free software without the ethics" sounds like a religious argument, not a technical or engineering one. Go back to worshiping RMS, we pragmatic folks prefer the "cathedral and bazaar" approach.

It's like vegans criticizing vegetarians for being less doctrinaire. And fruitarians criticizing both.